TW201015916A - System and method for identifying user establishing network connection - Google Patents

System and method for identifying user establishing network connection

Publication number
TW201015916A
Authority
TW
Taiwan
Prior art keywords
network
routing
connection
user
client device
Prior art date
Application number
TW097139308A
Other languages
Chinese (zh)
Inventor
Ming-Shan Shyu
Yuan-Ting Hsu
Ching-Keui Chang
Feng-Peng Yu
I-Fang Wu
Original Assignee
Chunghwa Telecom Co Ltd
Priority date
Filing date
Publication date
Application filed by Chunghwa Telecom Co Ltd filed Critical Chunghwa Telecom Co Ltd
Priority to TW097139308A priority Critical patent/TW201015916A/en
Priority to US12/543,948 priority patent/US20100091773A1/en
Publication of TW201015916A publication Critical patent/TW201015916A/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/302 Route determination based on requested QoS
    • H04L45/306 Route determination based on the nature of the carried application
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/42 Centralised routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/58 Association of routers
    • H04L45/586 Association of routers of virtual routers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2212/00 Encapsulation of packets

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed is a system and method of identifying users establishing network connections, characterized in that a network service system based on TCP/IP properties is employed by the Internet Service Provider (ISP) to provide different service orientation methods. The method comprises connecting a user-end routing device and then guiding the user routing device to a specific route according to a programmed file stored in the user-end device, thereby overcoming the drawback of prior techniques, in which routing devices configured by Internet Service Providers can only forward Internet Protocol traffic according to a routing table and are unable to make routing decisions according to packet characteristics. The present invention offers flexible combinations of packet routing for specific network users.

Description

IX. Description of the Invention

[Technical Field of the Invention]

The present invention relates to a connection identification system and method for network users, and in particular to a system and method in which, within a routing device, different virtual routing devices distinguish network users of different services through network logical interfaces, so that a network user's packet data can be directed into a specific routing path.

[Prior Art]

With the development of network technology, network systems are being built ever faster. As networks become more widespread, it is an inevitable trend for users to carry out all kinds of human activities over the network, such as gathering information, browsing knowledge, buying goods or making friends.

A user who wants to connect to the Internet generally has to do so through an Internet Service Provider (ISP). An ISP is a company or organization that provides users with Internet access and network information services. These companies invest in building data-center connection equipment, lease large numbers of lines and bandwidth, and resell them to general users for a fee. A user typically connects over a wired or wireless link and reaches the Internet only through the ISP's routing devices.

However, as network behavior becomes more diverse, many abnormal network connection behaviors can no longer be handled by the routing devices in the ISP's network and must be handled with the help of dedicated service systems.

Please refer to FIG. 1, which is an architecture diagram of a prior-art IP-based network packet transmission system. In the prior art, client device A 10a, client device B 10b and client device C 10c all connect first through the routing device 11 to the service providing device 12; the service providing device 12 identifies the user and provides the specific service, and only then is the connection passed on to the Internet 13. A packet forwarding mechanism based on the destination IP address cannot steer a packet according to its characteristics. Moreover, because every client device must pass through the service providing device 12, and the service providing device 12 must decide which service to provide to each client device, the service providing device 12 is easily overloaded.

In summary, how to perform connection identification and steering between the routing device and the service system for users who have applied for network access or services, so as to split and manage the packet data of specific users, has become a problem that urgently needs to be solved.

[Summary of the Invention]

To address the shortcomings of the prior art described above, an object of the present invention is to provide a connection identification system and method for network users that identifies the connecting user and provides routing that matches the service orientation of that user's network connection.

To achieve this and other objects, the present invention provides a connection identification system and method for network users.
The connection identification system for network users comprises: a client device; a routing device, which provides the routing path for the client device's connection; and a service providing device, which provides various services to the client device. The routing device directs the client device's network connection to the service providing device according to the profile corresponding to the client device.

In a preferred aspect, the connection identification system further comprises a provisioning server, which provides the profile corresponding to the client device to the routing device.

In another preferred aspect, the services provided by the service providing device may be antivirus protection, virus scanning, blocking of malicious packets, blocking of malicious connections and/or web filtering.

The connection identification method for network users of the present invention comprises the following steps: (1) causing a client device to connect to a routing device; and (2) causing the routing device to direct the client device's network connection into a specific routing path according to the profile corresponding to the client device.

In a preferred aspect, step (1) further comprises: (1-1) causing a provisioning server to configure the routing device according to the profile; and (1-2) causing the client device to connect to the routing device.

Compared with the prior art, the connection identification system and method of the present invention use the profile created when a network user applies for provisioning to identify that specific network user. As soon as the specific network user establishes a network connection, the access router directs the user's packet data, according to the contents of the profile, into the appropriate routing path or to the appropriate service providing device, so that packets are split and managed on the network side.

[Embodiments]

The following specific embodiments illustrate how the present invention is implemented; those skilled in the art can readily understand other advantages and effects of the present invention from the contents disclosed in this specification. The present invention may also be implemented or applied through other, different embodiments.

Please refer to FIG. 2, which is an architecture diagram of the connection identification system for network users of the present invention. As shown, the system comprises a client device 20, a routing device 21, a service providing device 22 and a network domain 23.

The client device 20 is an electronic device that can access and process data, such as a desktop computer, a notebook computer, a digital television device, a personal digital assistant and/or a mobile phone.

The routing device 21 provides the routing path for the connection of the client device 20. The routing device 21 is a device that passes information between networks and determines the path along which data travels. Data on the network is divided into packets, and the routing device 21 decides where those packets are sent. Based on the destination of the data, the routing device 21 indicates the correct direction and calculates the most direct and efficient path, so that packets are transmitted along the most suitable path. Therefore, when the client device 20 uploads or receives data packets, the routing device 21 can direct those packets to a specific router or server.

The service providing device 22 provides various services to the client device 20. The services provided by the service providing device 22 may be antivirus protection, virus scanning, blocking of malicious packets, blocking of malicious connections and/or web filtering.

In a specific implementation of the present invention, the client device 20 first connects to the routing device 21, and the routing device 21 then generates the corresponding routing path according to the profile of the client device 20. When the client device 20 uploads packet data, the routing device 21 can use Policy-Based Routing (PBR) to direct the packet data into the specific routing path, so that it is delivered to the preset service providing device 22, where the service is performed; finally, the routing device 21 forwards it to the network domain 23. The contents of the profile are written according to PBR, and the profile is created when the client applies for network provisioning or for a service. It should be noted that the routing device 21 and the profile are not limited to PBR: any protocol technique that can identify a client's connection request and direct that request into a specific route may be used.

In a preferred embodiment, the client device connects to the routing device through a wide area network system, a virtual private network system, a local area network system and/or a wireless network.

In another preferred embodiment, the connection identification system of the present invention further comprises a provisioning server, which provides the profile corresponding to the client device to the routing device.

Please refer to FIG. 3, which is an architecture diagram of a specific embodiment of the connection identification system for network users of the present invention. This embodiment comprises a client device 30, a routing device 31, a provisioning server 32, a service providing device 33 and the Internet 34. Its operation is described in detail below.

The client device 30 must connect to the routing device 31 before it can send packet data to the Internet 34.
When the client device 30 applies to the Internet Service Provider for provisioning or for a network service, the ISP creates a profile with which the routing device 31 is configured. In this embodiment, the ISP stores the profile it has created in the provisioning server 32, and the provisioning server 32 configures the routing device 31. When packet data from the client device 30 reaches the routing device 31, the routing device 31 directs the packet data to the service providing device according to the profile so that the service is performed; once this is complete the data is returned to the routing device 31, which forwards it to the Internet 34. Packet data from the Internet 34 likewise follows this path and is directed by the routing device 31 to the client device 30. The present invention thus splits and manages the packet data of network users and avoids the overloading of the service providing device found in the prior art.

In a preferred embodiment, the routing device 31 provides a plurality of routing paths for uploaded and downloaded packet data. The profile includes provisioning data, which may be the connection type of the client device 30 and/or the type of service applied for.

It should further be noted that different profiles are generated for the different contents that network users apply for. A profile may be stored in the provisioning server 32 or in the routing device 31, and the user's connection is directed according to the profile corresponding to that user.

Please refer to FIG. 4, which is an architecture diagram of another specific embodiment of the connection identification system for network users of the present invention. This embodiment comprises a service client device 40a, a general client device 40b, an access router 41, a provisioning server 42, network connection equipment 43a and 43b, a service providing device 44 and the Internet 45.

The service client device 40a has applied to the ISP for both Internet access and a specific network service, whereas the general client device 40b has applied only for Internet access. Two profiles are therefore formed according to what each client device applied for, and the access router 41 uses them to direct packet data into different routing paths.

In a specific implementation, the general client device 40b connects to the access router 41 through the network connection equipment 43b. According to the contents of the profiles, the access router 41 is divided into virtual router A 410 and virtual router B 411. Because the general client device 40b has applied only for Internet access, when its packet data enters the access router 41, virtual router B 411 directs that packet data to the Internet 45. Likewise, packet data sent from the Internet 45 to the general client device 40b passes through the access router 41, where virtual router B 411 sends it down to the general client device 40b, completing packet delivery.

As for the service client device 40a, when it connects to the access router 41 through the network connection equipment 43a, virtual router A 410 directs the packet data from the service client device 40a to the service providing device 44. After processing by the service providing device 44, the packet data is passed to virtual router B 411, which directs it to the Internet 45. In the other direction, packet data sent down from the Internet 45 to the service client device 40a is processed by the service providing device 44 and then passes through the access router 41 to the service client device 40a.

Different users have different profiles, and in the access router these profiles define different packet transmission routes. In the embodiment above, the packet data of the service client device 40a goes first to virtual router A 410, then to the service providing device 44, and then to virtual router B 411 to be uploaded to the Internet 45, so that the packet data of the service client device 40a must pass through the service providing device 44 to be controlled. The present invention thus carries the uplink and downlink packets of different client devices over different routing paths, offering more flexible combinations of network services.

Please refer to FIG. 5, which is a flowchart of the connection identification method for network users of the present invention. As shown, the method comprises the following steps.

In step S50, the client device connects to the routing device. The client device connects to the routing device through a wide area network system, a virtual private network system, a local area network system and/or a wireless network; the client device is a workstation, a desktop computer, a notebook computer, a personal digital assistant and/or a mobile phone.

In a preferred embodiment, step S50 further comprises step S501, in which the provisioning server configures the routing device, and step S502, in which the client device connects to the routing device.

In step S51, the routing device directs the client device to a specific service providing device according to the profile corresponding to the client device, so that the packet data can be analyzed or controlled.

In a preferred embodiment, the routing device provides a plurality of routing paths for packet data according to the different profiles.

Please refer to FIG. 6, which is a flowchart of a specific embodiment of the connection identification method for network users of the present invention.

In step S60, the provisioning server creates the profile of the client device according to the user's application and passes the profile to the routing device to configure it. The method then proceeds to step S61.
In step S61, the routing device directs the client device to a specific virtual router according to the profile corresponding to the client device. The method then proceeds to step S62.

In step S62, the virtual router uses a GRE (generic routing encapsulation) tunnel to direct the packet data to a specific remote router for processing. The method then proceeds to step S63.

In step S63, the remote router uses the GRE tunnel to direct the processed packet data back to the original routing device.

In this way, the ISP can use a GRE tunnel to bring a specific user's packet data quickly to a remote router for processing and then return it to the original access router. With GRE tunnels, the provider offering the service does not need to build additional service equipment for users located in different regions or at remote sites: the tunnels connect those users to service equipment built in one specific region, which saves the provider equipment construction costs. The use of GRE tunnels is only one implementation, however; any technique for remote connection may be used in the present invention.

The embodiments above therefore show that the connection identification system and method of the present invention use the profile created when an individual network user applies for provisioning to set the routing paths in the access router. A plurality of routing paths pointing to different services can be defined in the access router in advance, so that each network user's data packets are directed along the corresponding routing path to a specific service providing device. This makes it possible to control the packets of specific network users and to offer more flexible combinations of services.

In addition, the connection identification system and method of the present invention produce the following effects:

(1) Improving the convenience of connecting to the Internet. Neither connection identification nor packet splitting at the ISP requires any additional action by the user; they operate as soon as the data has been set up when the service is applied for, which makes it more convenient for users to connect to the Internet.

(2) Reducing the cost of building security protection on the client side. Because the ISP can control and protect the user's packets in this way, the client side does not need to spend extra on other security mechanisms (such as firewall equipment or antivirus software).

The embodiments above merely illustrate the principles and effects of the present invention and are not intended to limit it. Anyone skilled in the art may modify and vary the embodiments above without departing from the spirit and scope of the present invention.

[Brief Description of the Drawings]

FIG. 1 is an architecture diagram of a prior-art IP-based network packet transmission system;

FIG. 2 is an architecture diagram of the connection identification system for network users of the present invention;

FIG. 3 is an architecture diagram of a specific embodiment of the connection identification system for network users of the present invention;

FIG. 4 is an architecture diagram of another specific embodiment of the connection identification system for network users of the present invention;

FIG. 5 is a flowchart of the connection identification method for network users of the present invention; and

FIG. 6 is a flowchart of a specific embodiment of the connection identification method for network users of the present invention.
[Description of Main Reference Numerals]

10a  client device A
10b  client device B
10c  client device C
11  routing device
12  service providing device
13  Internet
20  client device
21  routing device
22  service providing device
23  network domain
30  client device
31  routing device
32  provisioning server
33  service providing device
34  Internet
40a  service client device
40b  general client device
41  access router
410  virtual router A
411  virtual router B
42  provisioning server
43a, 43b  network connection equipment
44  service providing device
45  Internet
S50-S51  steps
S60-S63  steps
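The FIG. 4 embodiment depends on a service subscriber's packets crossing the service providing device 44 on both the uplink and the downlink. The following is an added example, not code from the patent: it models steering rules derived from subscriber profiles and audits them for paths that bypass the service device. The rule format, the mirrored downlink path, the subscriber names and the 203.0.113.0/24 addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Hop names follow the reference numerals of the FIG. 4 embodiment.
VR_A, VR_B = "virtual-router-A-410", "virtual-router-B-411"
SERVICE, INTERNET, CLIENT = "service-device-44", "internet-45", "client"

@dataclass(frozen=True)
class Rule:
    direction: str                  # "up" matches source, "down" matches destination
    prefix: ipaddress.IPv4Network   # subscriber-side addresses the rule applies to
    path: tuple                     # hops the access router steers the packet through

# Path taken when no profile-derived rule matches (general subscriber).
DEFAULT = {"up": (VR_B, INTERNET), "down": (VR_B, CLIENT)}

def rules_from_profiles(profiles):
    """Derive one uplink and one downlink rule per service subscriber."""
    rules = []
    for prof in profiles:
        if prof["service"]:
            net = ipaddress.ip_network(prof["prefix"])
            rules.append(Rule("up", net, (VR_A, SERVICE, VR_B, INTERNET)))
            # Assumption: the downlink mirrors the uplink through the same device.
            rules.append(Rule("down", net, (VR_B, SERVICE, VR_A, CLIENT)))
    return rules

def steer(rules, direction, subscriber_addr):
    """Longest-prefix match on the subscriber-side address, else the default path."""
    addr = ipaddress.ip_address(subscriber_addr)
    hits = [r for r in rules if r.direction == direction and addr in r.prefix]
    if not hits:
        return DEFAULT[direction]
    return max(hits, key=lambda r: r.prefix.prefixlen).path

def probe_points(net, rules, direction):
    """Addresses inside `net` at which the steering decision can change.

    IP prefixes either nest or are disjoint, so the decision is constant between
    the start of `net`, the start of each nested rule prefix, and the first
    address after each nested rule prefix.
    """
    points = {int(net.network_address)}
    for r in rules:
        if r.direction == direction and r.prefix.subnet_of(net):
            points.add(int(r.prefix.network_address))
            after = int(r.prefix.broadcast_address) + 1
            if after <= int(net.broadcast_address):
                points.add(after)
    return [str(ipaddress.ip_address(p)) for p in sorted(points)]

def audit(profiles, rules):
    """Return (subscriber, direction, first bypassing address) for each gap."""
    findings = []
    for prof in profiles:
        if not prof["service"]:
            continue
        net = ipaddress.ip_network(prof["prefix"])
        for direction in ("up", "down"):
            for addr in probe_points(net, rules, direction):
                if SERVICE not in steer(rules, direction, addr):
                    findings.append((prof["subscriber"], direction, addr))
                    break
    return findings

# Constructed sample profiles: 40a applied for a service, 40b for access only.
PROFILES = [
    {"subscriber": "svc-40a", "prefix": "203.0.113.8/30", "service": True},
    {"subscriber": "gen-40b", "prefix": "203.0.113.16/30", "service": False},
]
GOOD = rules_from_profiles(PROFILES)
# Misconfiguration 1: only the source-matched uplink rule was installed.
UPLINK_ONLY = [r for r in GOOD if r.direction == "up"]
# Misconfiguration 2: a more specific rule silently overrides the service path.
OVERRIDDEN = GOOD + [
    Rule("up", ipaddress.ip_network("203.0.113.10/32"), DEFAULT["up"])
]

if __name__ == "__main__":
    for name, rules in (("good", GOOD), ("uplink-only", UPLINK_ONLY),
                        ("overridden", OVERRIDDEN)):
        print(name, audit(PROFILES, rules))
```

The two misconfigured rule sets show the failure modes worth checking on a real access router: return traffic that is never steered because only a source-matched rule exists, and a host route that takes precedence over the subscriber's prefix.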


Claims (1)

X. Scope of the Patent Application:

1. A connection identification system for network users, comprising: a client device; a routing device, which provides the routing path for the client device's connection; and a service providing device, which provides services to the client device; wherein the routing device directs the client device to the service providing device according to the profile corresponding to the client device.

2. The connection identification system for network users of claim 1, further comprising a provisioning server, which provides the profile corresponding to the client device to the routing device.

3. The connection identification system for network users of claim 1, wherein the client device connects to the routing device through a wide area network system, a virtual private network system, a local area network system and/or a wireless network.

4. The connection identification system for network users of claim 1, wherein the client device is a workstation, a desktop computer, a notebook computer, a personal digital assistant and/or a mobile phone.

5. The connection identification system for network users of claim 1, wherein the routing device provides a plurality of routing paths according to the profiles of different client devices.

6. The connection identification system for network users of claim 5, wherein the client device transmits packet data over the routing path.

7. The connection identification system for network users of claim 1, wherein the profile includes provisioning data of the client device, the provisioning data being the connection type of the client device and/or the type of service applied for.

8. The connection identification system for network users of claim 1, wherein the service provided by the service providing device is antivirus protection, virus scanning, blocking of malicious packets, blocking of malicious connections and/or web filtering.

9. A connection identification method for network users, comprising the following steps: (1) causing a client device to connect to a routing device; and (2) causing the routing device to direct the client device to a specific service providing device according to the profile corresponding to the client device.

10. The connection identification method for network users of claim 9, wherein step (1) further comprises: (1-1) causing a provisioning server to provide the profile corresponding to the client device to the routing device; and (1-2) causing the client device to connect to the routing device.

11. The connection identification method for network users of claim 9, wherein the client device connects to the routing device through a wide area network system, a virtual private network system, a local area network system and/or a wireless network.

12. The connection identification method for network users of claim 9, wherein the client device is a workstation, a desktop computer, a notebook computer, a personal digital assistant and/or a mobile phone.

13. The connection identification method for network users of claim 9, wherein the routing device provides a plurality of routing paths according to different profiles.

14. The connection identification method for network users of claim 9, wherein the routing device is connected to the service providing device, and step (2) further comprises the step of the routing device directing the packet data of the client device to a remote service providing device.

15. The connection identification method for network users of claim 14, wherein step (2) further comprises the routing device directing the packet data of the client device to the remote service providing device through a GRE (generic routing encapsulation) tunnel.
TW097139308A 2008-10-14 2008-10-14 System and method for identifying user establishing network connection TW201015916A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
TW097139308A TW201015916A (en) 2008-10-14 2008-10-14 System and method for identifying user establishing network connection
US12/543,948 US20100091773A1 (en) 2008-10-14 2009-08-19 System and method for identifying network-connected user

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW097139308A TW201015916A (en) 2008-10-14 2008-10-14 System and method for identifying user establishing network connection

Publications (1)

Publication Number Publication Date
TW201015916A true TW201015916A (en) 2010-04-16

Family

ID=42098792

Family Applications (1)

Application Number Title Priority Date Filing Date
TW097139308A TW201015916A (en) 2008-10-14 2008-10-14 System and method for identifying user establishing network connection

Country Status (2)

Country Link
US (1) US20100091773A1 (en)
TW (1) TW201015916A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105917619A (en) * 2014-01-17 2016-08-31 高通股份有限公司 Forwarding messages in a communication network

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9781055B2 (en) * 2014-08-18 2017-10-03 Cisco Technology, Inc. Dynamic cascaded clustering for dynamic VNF

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040073679A1 (en) * 2002-09-05 2004-04-15 Martens John A. Global unique identification of subscriber
US20050169253A1 (en) * 2004-02-03 2005-08-04 Qingmin Hu WLAN communication service platform
EP1681825B1 (en) * 2005-01-14 2012-03-07 Bae Systems Plc Network-based security platform
US20080059605A1 (en) * 2006-01-20 2008-03-06 Shaul Shalev Systems and methods for operating communication processes using a personalized communication web server
US8150371B2 (en) * 2007-05-03 2012-04-03 Qualcomm Incorporated Interactive control of access to services and capabilities of a mobile device
US7961725B2 (en) * 2007-07-31 2011-06-14 Symbol Technologies, Inc. Enterprise network architecture for implementing a virtual private network for wireless users by mapping wireless LANs to IP tunnels

Also Published As

Publication number Publication date
US20100091773A1 (en) 2010-04-15

Similar Documents

Publication Publication Date Title
JP6098021B2 (en) Exclude specific application traffic from customer consumption data
US8199761B2 (en) Communications multiplexing with packet-communication networks
US8280989B2 (en) Method, system and apparatus for provisioning a communication client
US8982893B2 (en) System and method of quality of service enablement for over the top applications in a telecommunications system
EP2629466B1 (en) Method, device and system for forwarding data in communication system
US20030093459A1 (en) Virtual connection of a remote unit to a server
TW201204098A (en) Dynamic service groups based on session attributes
CN102111454A (en) Method and system for sharing webpage or multimedia information
ZA200605000B (en) Resource sharing broadband access system, methods, and devices
US8862869B1 (en) Method and apparatus for providing network initiated session encryption
CN107018057B (en) It is transmitted by the fast path content of Metro access networks
SG188243A1 (en) Apparatus and methods for multimode internetworking connectivity
CN104541483A (en) Method and system to enable re-routing for home networks upon connectivity failure
EP3297216B1 (en) System for providing an enhanced and/or supplementary network connectivity to at least one client device, use of a mobile phone or a mobile computing device, comprising a corresponding software application, as a supplementary access gateway device.
EP2583431B1 (en) Procedure for commercial communications
JP2010154086A (en) Communication controller, communication control method of the communication controller, control program, and recording medium
TW201015916A (en) System and method for identifying user establishing network connection
CN104168302B (en) Equipment manipulation implementation method, system and proxy gateway
US7054321B1 (en) Tunneling ethernet
EP2043300A1 (en) Data transmission network, method, network element and pro-gram
JP4660682B2 (en) Network communication system and communication apparatus and program used in the communication system
US11539821B1 (en) Systems and methods for altering the character of network traffic
WO2008141516A1 (en) Message transmitting method, transmitting device and transmitting system
WO2013044483A1 (en) Access processing method, apparatus and system
CN107835112B (en) Methods, systems, and devices for providing enhanced and/or supplemental network connectivity to client devices